The recent revelations about NSA surveillance efforts, and especially the claims that the agency has been persuading or forcing software developers to insert backdoors into their offerings and has prevented them from talking about it publicly, have left many users wondering how they can be sure that the software they plan to use will not be used against them.

According to Mozilla CTO Brendan Eich and VP of mobile and R&D Andreas Gal, the solution is to use open-source software whose source code can and has been audited by independent security experts.

"Every major browser today is distributed by an organization within reach of surveillance laws. As the Lavabit case suggests, the government may request that browser vendors secretly inject surveillance code into the browsers they distribute to users," they pointed out in a blog post, but added that they "have no information that any browser vendor has ever received such a directive."

They, naturally, touted the company's Firefox browser as the best option, given that IE is entirely, and Safari and Chrome partially, built from closed-source code.

Also, anyone with the necessary skills can verify that Firefox's source code has not been tampered with by building Firefox from source and comparing the resulting bits with the official distribution.

They also invited and urged security researchers and organizations to audit Mozilla source and verified builds on a regular basis, and to develop automated systems that can verify official Mozilla builds from source, so that an alert can be raised as soon as possible if the two don't match.
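The check described above, once a build has been reproduced from source, comes down to comparing the bytes of every shipped file against the official package and alerting on any difference. The following script is an added illustration of that comparison and is not Mozilla's own tooling; the file names and contents it uses are constructed toy data standing in for a real build tree, and `make_sample_builds` exists only to produce a pair of directories to compare.

```python
"""Compare a locally reproduced build tree against an official build tree.

Added illustration of the verification idea in the article (build from
source, then compare the bits with the official distribution).  The file
names and contents below are constructed; nothing here is Mozilla's own
tooling.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Return the hex SHA-256 of a file, read in chunks so large binaries fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def digest_tree(root: Path) -> dict:
    """Map every file under root (as a relative POSIX path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_builds(official: Path, reproduced: Path) -> dict:
    """Classify every file as matching, mismatched, missing or extra.

    Empty 'mismatched' and 'missing' lists mean the reproduced build contains
    exactly the official bits for every file the official package ships;
    anything else is a reason to raise an alert.  Files only present in the
    reproduced tree (build leftovers, for instance) are reported but do not
    by themselves fail the check.
    """
    a, b = digest_tree(official), digest_tree(reproduced)
    return {
        "matching": sorted(k for k in a if k in b and a[k] == b[k]),
        "mismatched": sorted(k for k in a if k in b and a[k] != b[k]),
        "missing": sorted(k for k in a if k not in b),
        "extra": sorted(k for k in b if k not in a),
    }


def make_sample_builds(base: Path = None) -> tuple:
    """Construct two toy build trees (constructed data, not real Firefox files).

    The 'official' tree carries one library whose bytes differ from what the
    reproduced build produced, standing in for an unexplained change, plus one
    file the reproduced build does not contain at all.
    """
    if base is None:
        base = Path(tempfile.mkdtemp())
    official, reproduced = base / "official", base / "reproduced"
    for tree in (official, reproduced):
        (tree / "lib").mkdir(parents=True)
        (tree / "app").write_bytes(b"\x7fELF-toy-launcher")
        (tree / "lib" / "crypto.so").write_bytes(b"\x7fELF-toy-crypto-v1")
    (official / "lib" / "network.so").write_bytes(b"\x7fELF-toy-network+unexpected")
    (reproduced / "lib" / "network.so").write_bytes(b"\x7fELF-toy-network")
    (official / "README").write_bytes(b"only in the official package")
    return official, reproduced


def verify_and_report(official: Path, reproduced: Path) -> bool:
    """Print a human-readable report and return True only on a full match."""
    result = compare_builds(official, reproduced)
    for label in ("mismatched", "missing", "extra"):
        for name in result[label]:
            print(f"ALERT {label}: {name}")
    ok = not (result["mismatched"] or result["missing"])
    print("reproduced build matches the official distribution" if ok
          else "verification FAILED: official bits differ from the source build")
    return ok


if __name__ == "__main__":
    off, rep = make_sample_builds()
    verify_and_report(off, rep)
```

Real distributions are packaged installers and archives rather than bare directories, so a practical verifier first unpacks both sides into directories before running a comparison of this kind; the per-file digest map also gives an automated system something compact to publish, so that independent parties can compare their own results without exchanging whole builds.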

The company will also create such a verification system, and will ask people from around the world to participate. But, as they themselves say, "software vendors — including browser vendors — must not be blindly trusted," and they therefore ask independent security researchers to verify the builds as well.

Finally, they raised the possibility of audited browsers becoming "trust anchors" able to authenticate fully-audited open-source Internet services, and asked people who have attempted to do something similar to share their experience with them.
